Hello everyone,
By this post, I would propose you a refactoring of the security module, motivated by the need to add new code to it without currently having a suitable place to put it.
As of today, the security module is structured as follows :
-
security-api
authorization
-
security-authentication
authentication-api
authentication-default
authentication-script
authentication-ui
-
security-bridge
authorization.internal
-
security-script
authorization.script
Taking into consideration the authorization related code, we could take it out of security-api
and put it into its own module folder to the same level of authentication and by the way, security-bridge
is mostly about authorization too, so it could be put in authorization module.
Also, current authorization module includes more generic classes that could be extracted from this module to create a new security module which could be named security-access
or security-common
and this one could include all SecurityReference
, SecurityRight
, SecurityAccess
, SecurityEntry
and SecurityRule
related code. I would also place RightUpdatedEvent
and SecurityCache
into it.
Eventually, the code I want to add, new xwiki.properties and thus configuration, could be added to this module and this module will eventually fit future security related code that may not fit into an other security module.
At last, the security-script
could be splitted in the way the top level SecurityScriptService
in the newly proposed security-access
module and each nested script should be placed into corresponding modules. I don’t know yet if nested scripts should be placed in authorization-api
for example or in authorization-script
.
Hence, the proposed refactored security module will look like:
-
security-access
(this name is open for debate)-
SecurityReference
,SecurityRight
,SecurityAccess
,SecurityEntry
,SecurityRule
… - other security related code that doesn’t need its own module
-
-
security-authorization
authorization-api
authorization-bridge
authorization-script
-
security-authentication
authentication-api
authentication-default
authentication-script
authentication-ui
That said, I’m looking forward your opinion about this refactoring and the name of the generic security module but, we certainly need to refactor it anyway.
Thank you!